Tigger.A Trojan Quietly Steals Stock Traders' Data
**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles ... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might ... lead to all invaders getting booted from the host PC."
Benevolent worms are a perennial suggestion in computer security, and the conclusion is always no no no no.
If only there were a similar piece of malware in direct competition with this particular trojan such that both would attempt to remove the other and successfully do so.
It is interesting how malware is adapting so that not only is it able to spread more quickly to a larger number of machines, but also that it's attempting to increase its lifespan by killing off other malware so that the host may not notice that it's infected. I wonder how long it will be until a particular program updates a virus definition list or something similar to remove all other competing malware programs as they come into existence. Also, how much better will the malware be at quickly patching machines against new zero-day exploits than actual virus scanning and prevention software?
Version 2.0 won't just steal data. It'll make trades. Aside from the obvious theft possibilities, the controller would have the ability to create his very own economic meltdown, in any companies he wished, limited only by the size of his botnet...
I don't know 'em personally either, but I've got enough experience with DSM and psychological profiling to call shenanigans on your assessment.
And yet you don't state your qualifications. Well, here's mine: I have been in information technology for eleven years, have done network and system administration at the enterprise level, and have assisted investigators tracking down so-called "hackers". I also have about four years of programming experience, mostly to support the aforementioned. I also have spent a significant portion of my professional time learning digital forensics, taking apart malware kits, and have friends that do skip-tracing professionally (they track people down, and I know people who do civil and criminal). I have also worked on classified government systems (can't say which, obviously), and busted two people on-site who attempted to access information without authorization on those systems (the men with shotguns came and took them away). I do know what to look for, and I have caught people who thought they were so very much smarter than we were. Repeatedly, and sometimes in the flesh.
You're right, I have no idea who this person or people are. That said, if this guy was working with a herder or someone with access, the vector would have been found by now. It hasn't, which means they're not using an established botnet for deployment. Not only that, but while some of the programmatic methods may be similar, that alone shouldn't make an investigator jump to the conclusion that the two are in contact with one another. Especially not with the volumes of security research on how these networks operate available to the public. Even Slashdot has published links to the aforementioned! All this said, again, you're also right that I don't have a degree in psychology, or criminal profiling, etc. -- I just deal with these people on the front line and I'm going by what my gut and my experience tell me should be there. A real profiler would start with known facts, which I don't have, and have a support team to get definitive answers, which I also don't have. It's still a much better educated guess than most people here could make.
#fuckbeta #iamslashdot #dicemustdie